Support Center > Search Results > SecureKnowledge Details
Harmony Endpoint for Linux Technical Level
Solution

What's New in the Latest Versions?

Version 0.0.682

  • Anti-Malware support for the following SUSE distributions:
    • SUSE Linux enterprise server (SLES) 12 SP5.
    • SUSE Linux enterprise server (SLES) 15 SP3.
    • OpenSUSE 15.3.
    • OpenSUSE 42.3.

Version 0.0.654

  • Remote command push operation support.
  • EDR engine enhancements.

Version 0.0.625

  • RHEL 8.4 support.
  • CentOS 8.4 support.
  • Oracle Linux 8.4 support.
  • Bug fixes.

Version 0.0.564

  • Performance enhancements.
  • Bug fixes.

Version 0.0.532

  • Behavioral Guard engine for Linux.
  • Anti-Malware performance enhancements.
  • Anti Malware process exclusion support (by process name).
  • Amazon Linux 2 OS support. 


Solution Brief 

Harmony Endpoint for Linux protects Linux Endpoint Machines from malware and allows threat hunting EDR capabilities. The solution is centrally managed and can be used as a Management-As-A-Service or deployed on a local on-premises server.

Note: Starting from R81, Harmony Endpoint for Linux is supported with EPS On-Prem or EPS Cloud Management. To enable Harmony Endpoint for Linux, you must enable the Linux installation package flag. To enable, see sk177250.

Key threat prevention technologies

1. Anti-Malware

  • Harmony Endpoint Linux Anti-Malware engine detects trojans, viruses, malware, and other malicious threats
  • Implemented as a multi-threaded flexible scanner daemon
  • Managed centrally via a web-console and also supports Command Line Utilities for on-demand file/folder scans, detection lists and file restorations
Featuring
  • Automatic signature updates
  • Smart version updates - always up to date

2. Endpoint Detection and Response (EDR) / Threat-Hunting

  • Collects all Linux raw events whether malicious, suspicious or benign for full visibility
  • Allows proactively searching for cyber threats that made it through the first line of defense and to the Linux Servers
  • Easy investigation capabilities, such as predefined queries to find suspicious activities

Supporting the following events:
  • Process - start / stop
  • Files - create / delete / rename / open
  • Network - local connections, ports, DNS


3. Behavioral Guard

  • Dynamic analysis of malwares executed on the endpoint based on the behavior manners of many types attacks such as ransomwares, cryptominers and trojans
  • Large set of constantly updated signatures to detect, prevent and remediate most modern attacks
  • Managed centrally via the web management

Featuring
  • Automatic signature updates based on the latest intelligence, constantly adopted to the latest attacks


Documentation

See the Harmony Endpoint Administration Guide > Chapter "Harmony Endpoint for Linux"

Supported Linux Versions

Distribution OS Version
Ubuntu 16.04
18.04
20.04
Debian 9.12 - 10.10
RHEL 7.8 - 8.4
CentOS 7.8 - 8.4
Oracle Linux 7.9 - 8.4
Amazon Linux 2
SUSE Linux enterprise server (SLES)* 12 SP5, 15 SP3
OpenSUSE* 15.3, 42.3

* Only anti-malware blade is supported

Prerequisites

URLs and domains that should be whitelisted:
  • https://secureupdates.checkpoint.com/sbalinux
  • https://s3.amazonaws.com/download.draios.com
  • https://gwevents.checkpoint.com/gwstats/services/antimalware/1_0_0/log
  • Access to each distribution standard repositories - url is not constant, mirror is chosen based on latency
  • for RHEL/CentOS also need access to EPEL (extra packages for enterprise Linux) repository**
  • if working with EP MaaS - please allow connection for Management server:
    https://*.epmgmt.checkpoint.com.
    Customers can use precise URL containing tenant name in FW rules
  • Anti Malware signature update URL:
    http(s)://cplinuxam.checkpoint.com
    Signatures source can be configured in AM policy
  • Threat Hunting URLs:
  • https://dev-cloudinfra-gw.kube1.iaas.checkpoint.com/auth/external
  • https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/stg-gcp-contractprovider
  • https://europe-west1-datatube-stg-244010.cloudfunctions.net


Known Limitations

Topic Description
AntiMalware On-Access AntiMalware is triggered on-access only for /home folder
AntiMalware Root-User Files accessed by root users (sudo) will not be scanned
AntiMalware Exclusions Supported path exclusions only
AntiMalware Signatures update Supported by a direct internet connection from the Linux client. Management server as a proxy is not supported.
AntiMalware RAR/Zip RAR/Zip archives are not supported.
ThreatHunting Exclusions  Supported process path exclusions only by path.
Supported environments 32/64 bit Product supports 64 bit OS only and doesn't support 32 bit.
Pending kernel updates If an OS kernel update is pending for installation, the Linux client installation may fail.
Linux Secure Boot is not supported Threat Hunting engine is not supported when Linux Secure Boot is enabled.
Compatibility with other AM providers  Any other (none Check Point) Anti Malware engines should be removed from the machine before installing Linux agent
OS upgrade OS upgrade is not supported - client will need to re-install the Linux agent after OS upgrade
Push Operations

Only the following Push Operation are supported:

1. Forensics push operation: Add\restore file from Quarantine from
2. AM Push operations: restore file from quarantine

No support for other push operations

Machine Type

Linux machines will always shows as Desktop machine in management overview page.

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment